Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
blog cms vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2018-17256
Persistent cross-site scripting (XSS) vulnerability in Umbraco CMS 7.12.3 allows authenticated users to inject arbitrary web script via the Header Name of a content (Blog, Content Page, etc.). The vulnerability is exploited when updating or removing public access of a content.
Umbraco Umbraco Cms 7.12.3
2.6
CVSSv2
CVE-2010-4734
Multiple cross-site scripting (XSS) vulnerabilities in the comment feature in Skeletonz CMS 1.0, when the Blog plugin is enabled, allow remote malicious users to inject arbitrary web script or HTML via the (1) Name, (2) Website, and (3) Email parameters. NOTE: some of these detai...
Amix Skeletonz Cms 1.0
1 EDB exploit
6.8
CVSSv2
CVE-2009-1765
Multiple directory traversal vulnerabilities in pluck 4.6.2, when register_globals is enabled, allow remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the langpref parameter to (1) data/modules/contactform/module_info.php, (2) data/modules/...
Pluck-cms Pluck 4.6.2
1 EDB exploit
3.5
CVSSv2
CVE-2017-20060
A vulnerability, which was classified as problematic, was found in Elefant CMS 1.3.12-RC. This affects an unknown part of the component Blog Post Handler. The manipulation leads to basic cross site scripting (Persistent). It is possible to initiate the attack remotely. Upgrading ...
Elefantcms Elefant Cms 1.3.12
6.8
CVSSv2
CVE-2007-1968
PHP remote file inclusion vulnerability in games.php in Sam Crew MyBlog, possibly 1.0 up to and including 1.6, allows remote malicious users to execute arbitrary PHP code via a URL in the scoreid parameter.
Sam Crew Myblog 1.6
Sam Crew Myblog 1.4
Sam Crew Myblog 1.5
Sam Crew Myblog 1.0
Sam Crew Myblog 1.1
Sam Crew Myblog 1.2
Sam Crew Myblog 1.3
1 EDB exploit
5
CVSSv2
CVE-2008-6193
Sam Crew MyBlog stores passwords in cleartext in a MySQL database, which allows context-dependent malicious users to obtain sensitive information.
Myblog Myblog
1 EDB exploit
4.3
CVSSv2
CVE-2008-2962
Multiple cross-site scripting (XSS) vulnerabilities in MyBlog allow remote malicious users to inject arbitrary web script or HTML via the (1) s and (2) sort parameters to index.php, and the (3) id parameter to post.php.
Myblog Myblog
1 EDB exploit
6.8
CVSSv2
CVE-2008-2963
Multiple SQL injection vulnerabilities in MyBlog allow remote malicious users to execute arbitrary SQL commands via the (1) view parameter to (a) index.php, and the (2) id parameter to (b) member.php and (c) post.php.
Myblog Myblog
1 EDB exploit
7.5
CVSSv2
CVE-2017-15981
Responsive Newspaper Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing.
Geniusocean Newspaper 1.0
1 EDB exploit
7.5
CVSSv2
CVE-2017-15982
Dynamic News Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing.
Geniusocean News 1.0
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
encryption
CVE-2024-4331
CVE-2024-26925
arbitrary code
CVE-2006-4304
CVE-2024-25458
CVE-2024-27077
reflected XSS
CVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »